Policies

This Privacy Notice is version 2.1 and is valid from May 2021.

Medinet is committed to protecting the privacy and security of your personal information. This Privacy Notice details what personal data we collect and how we use it.

Changes to this Privacy Notice

We continually review our Privacy Notice and update it where necessary. If we make significant changes to our policy, we shall contact you to inform you.

Our Contact Details

Our contact details are as follows:

Medinet

111 Charterhouse St, Farringdon, London EC1M 6AW

020 8124 0579

info@ukmedinet.com

Data Protection Officer

In observance of the UK General Data Protection Regulation and the Data Protection Act 2018, we have chosen to appoint a Data Protection Officer.

The Data Protection Officer can be contacted using the below details:

emma.cooper35@nhs.net

Data Protection Officer

Medinet

111 Charterhouse St, Farringdon, London EC1M 6AW

Scope

We are a provider of healthcare solutions. We process the personal data of the following types of people to allow us to undertake our business:

Prospective and placed subcontractors
Prospective and live client contacts
Supplier contacts to support our services
Employees, consultants, temporary workers
Patients using services provided by our workers.
Patients of NHS clients for which we provide services.
We collect information about you to carry out our core business and ancillary activities.

If you are a prospective or placed contractor, employee, consultant or temporary worker, please consult the staff privacy notice for more details.

Information we might process about you.

This is information about you that you give us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, to enter our database, subscribe to our services, to register as a prospective contractor and when you report a problem with our site.

The information you give us or we collect about you may include your name, address, private and corporate e-mail address and phone number, financial information, compliance documentation and references verifying your qualifications and experience and your right to work in the United Kingdom, curriculum vitae and photograph, links to your professional profiles available in the public domain e.g. LinkedIn, Twitter, business Facebook or corporate website.

With regard to each of your visits to our site we will automatically collect the following information: your login information if applicable, browser type and version, and country.

Information we obtain from other sources.

This is information we obtain about you from other sources such as LinkedIn, corporate websites, job board websites, online CV libraries, your business card, personal recommendations, and others. In this case we will inform you, by sending you this privacy notice, within a maximum of 30 days of collecting the data of the fact we hold personal data about you, the source the personal data originates from and whether it came from publicly accessible sources, and for what purpose we intend to retain and process your personal data.

We are working closely with third parties including companies within our Group, business partners, sub-contractors in technical, professional, payment and other services, advertising networks, analytics providers, search information providers, credit reference agencies, professional advisors and others. We may receive information about you from them for the purposes of our recruitment services and ancillary support services.

Purposes of the processing and the legal basis for the processing

We use information held about you in the following ways:

To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation.
The core service we offer to our clients is the provision of subcontractors and project management.
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of
We will rely on contract if we are negotiating or have entered into an agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce you to a client (if you are a candidate).
We process patient health data only as a data processor, in line with the requirements of the data controller and do not set the legal basis for this type of processing.
We gather patient feedback, when we have explicit consent, using a form on our website in order to monitor and improve our service.

Our Legitimate Business Interests

Our legitimate interests in collecting and retaining your personal data is described below:

We provide medical support to hospitals and trusts, as part of our due diligence we need to check the credentials of the subcontractors, doctors and support staff that we use, including personal details, qualifications, CRB checks, blood test results, references etc. These are held by us securely and only passed to a client with your permission.

Consent

Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.

Do we need your consent to use particularly sensitive information?

We do not need your consent if we use your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

Other Uses we will make of your data:

Use of our website.
to notify you about changes to our
to ensure that content from our site is presented in the most effective manner for you and for your computer.
We will use this information:

to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
to improve our site to ensure that content is presented in the most effective manner for you and for yourcomputer;
to allow you to participate in interactive features of our service, when you choose to do so;
as part of our efforts to keep our site safe and secure;
to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process.
All staff receive GDPR training so that they are aware of their obligations regarding your personal data.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our services.

Please see our Cookie Policy for further information. (Below)

Change of purpose: We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Why might you share my personal information with third parties? We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law. We will share your personal information with third parties where:

required by law
it is necessary to administer the working relationship with you
we have a legitimate interest in doing so.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Any third parties with whom we might share your personal information and the basis on which we do so are detailed in the Schedule to this notice.

Data security: We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention: We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests. Accordingly, we have a data retention notice and run data routines to remove data that we no longer have a legitimate business interest in maintaining. Our current retention notice is available upon request.

Your rights in connection with personal information: Under certain circumstances, the law grants you specific rights. These are summarised below. Please note that your rights may be limited and subject to restrictions in certain situations:

Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the DPO.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In any circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the DPO.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Transferring data outside of the UK/EEA.

The data that we collect from you may/will be transferred to, and stored at, a destination outside the UK or the European Economic Area (”EEA”). It may be transferred to third parties outside of the UK/EEA for the purpose of our recruitment services. It may/will also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, our recruitment services and the provision of support services.

Your Right to Lodge a Complaint with the ICO

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can lodge a complaint with the Information Commissioners Office via email https://ico.org.uk/global/contact-us/email/ or by writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire.
SK9 5AF.
Or by telephone on 0303 123 1113.